Lucene search

[email protected]CVE-2009-1587

HistoryMay 07, 2009 - 11:30 p.m.

CVE-2009-1587

2009-05-0723:30:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-1587

php site lock 2.0

authentication bypass

administrative access

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.

Affected configurations

NVD

Node

kalptarudemosphp_site_lockMatch2.0

CPENameOperatorVersion
kalptarudemos:php_site_lockkalptarudemos php site lockeq2.0

CPE	Name	Operator	Version
kalptarudemos:php_site_lock	kalptarudemos php site lock	eq	2.0

References

osvdb.org/54203

secunia.com/advisories/34995

www.vupen.com/english/advisories/2009/1249

exchange.xforce.ibmcloud.com/vulnerabilities/50304

www.exploit-db.com/exploits/8604

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2009-1587

nvd1 prion1 cvelist1